Communication ports for Symantec Endpoint Protection

If the computers that run Symantec Endpoint Protection Manager and the Symantec Endpoint Protection client also run third-party firewall software or hardware, you must open certain ports. These ports are for remote deployment and for communication between the management server and clients. See your firewall product documentation for instructions to open ports or allow applications to use ports.

By default, the firewall component of Symantec Endpoint Protection already allows traffic on these ports.

Warning:

The firewall in the Symantec Endpoint Protection client is disabled by default at initial installation until the computer restarts. To ensure firewall protection, leave the Windows firewall enabled on the clients until the software is installed and the client is restarted. The Symantec Endpoint Protection client firewall automatically disables the Windows firewall when the computer restarts.

| Protocol and port | Used for | Listening process | Description | Applicable versions |
|---|---|---|---|---|
| | | | Symantec Protection Center 2.0 is not supported for use with Symantec Endpoint Protection 14.x. | 12.1.x |
| TCP 9090 | Web console communication | SemSvc.exe | This port is used only for initial HTTP communication between the remote management console and Symantec Endpoint Protection Manager. This initial communication is limited to installation and displaying the logon screen. | |
| | Communication between the Symantec Endpoint Protection roaming client and the cloud console | None | Managed clients that have intermittent communication with Symantec Endpoint Protection Manager upload their critical events directly to the cloud console. Symantec Endpoint Protection Manager must be enrolled with the cloud console. | |
| | | | The management server uses this port to communicate with the Content Analysis server or the Malware Analysis Appliance. | As of 14.2 |
| TCP 8445 | Used by the remote reporting console | httpd.exe (Apache) | Initiated by the reporting console. Configurable. | All |
| TCP 8446 | Web services | semapisrv.exe (14.x); SemSvc.exe (12.1.x) | Remote management applications use this port to send web services traffic over HTTPS. Initiated by Remote Monitoring and Management (RMM) and by EDR. Configurable. Used for Java Remote Console (as of version 14.0.1). | All |
| TCP 8447 | Process launcher | semlaunchsrv.exe | This virtual service account launches any Symantec Endpoint Protection Manager processes that require higher privileges, so that these other services do not need to have them. Only honors requests from localhost. Initiated by Symantec Endpoint Protection Manager (SemSvc.exe). Configurable. | All, as of 12.1.5 |
| TCP 8765 | Server control | SemSvc.exe | Used by Symantec Endpoint Protection Manager for Tomcat web service for shutdown. | |

Windows Vista and later contain a firewall that is enabled by default. If the firewall is enabled, you might not be able to install or deploy the client software remotely. If you have problems deploying the client to computers running these operating systems, configure their firewalls to allow the required traffic.

If you decide to use the Windows firewall after deployment, you must configure it to allow file and printer sharing (port 445).

For more information about configuring Windows firewall settings, see the Windows documentation.
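
The following audit compares the management server's listening sockets with the ports and listening processes listed above. It is an added example, not Symantec's code; the function names `Test-SepmListener` and `Get-SepmListener`, the loopback check on TCP 8447 and the sample rows are assumptions made for illustration.

```powershell
# Added example. Port-to-process pairs are copied from the table on this page;
# function names and sample data are constructed for illustration.
$Expected = @{
    9090 = @('SemSvc')               # web console communication
    8445 = @('httpd')                # remote reporting console (Apache)
    8446 = @('semapisrv', 'SemSvc')  # web services: 14.x / 12.1.x
    8447 = @('semlaunchsrv')         # process launcher
    8765 = @('SemSvc')               # server control
}
# Assumption: because 8447 only honors requests from localhost, a listener on
# any other address is flagged for review rather than treated as normal.
$LoopbackOnly = @(8447)
$Loopback     = @('127.0.0.1', '::1')

function Test-SepmListener {
    param([Parameter(Mandatory)] [object[]] $Listener)
    foreach ($l in $Listener) {
        $port = [int]$l.LocalPort
        if (-not $Expected.ContainsKey($port)) { continue }
        $finding = @()
        if ($Expected[$port] -notcontains $l.ProcessName) {
            $finding += "unexpected process '$($l.ProcessName)'"
        }
        if ($LoopbackOnly -contains $port -and $Loopback -notcontains $l.LocalAddress) {
            $finding += "listening on $($l.LocalAddress), not loopback"
        }
        [pscustomobject]@{
            Port    = $port
            Address = $l.LocalAddress
            Process = $l.ProcessName
            Status  = if ($finding) { 'REVIEW: ' + ($finding -join '; ') } else { 'OK' }
        }
    }
}

function Get-SepmListener {   # live data from the management server
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $Expected.ContainsKey([int]$_.LocalPort) } |
        Select-Object LocalAddress, LocalPort,
            @{ n = 'ProcessName'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } }
}

# Constructed sample: 8446 is owned by a process the table does not list.
$sample = @(
    [pscustomobject]@{ LocalAddress = '0.0.0.0';   LocalPort = 8445; ProcessName = 'httpd' }
    [pscustomobject]@{ LocalAddress = '127.0.0.1'; LocalPort = 8447; ProcessName = 'semlaunchsrv' }
    [pscustomobject]@{ LocalAddress = '0.0.0.0';   LocalPort = 8446; ProcessName = 'python' }
)
Test-SepmListener -Listener $sample | Format-Table -AutoSize
```

On a live server, replace the sample with `Test-SepmListener -Listener (Get-SepmListener)`. Because the ports are marked configurable, adjust `$Expected` if the defaults were changed.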